ForGe – Computer Forensic Test Image Generator


Creating test material for computer forensic teaching or tool testing purposes has been a known problem. I encountered the issue in my studies of Computer Forensics at the University of Westminster. We were assigned a task to compare computer … Read more

Interpretation of NTFS Timestamps


File and directory timestamps are one of the resources forensic analysts use for determining when something happened, or in what particular order a sequence of events took place. As these timestamps usually are stored in some internal format, additional … Read more

Shrinking the gap: carving NTFS-compressed files

First published October 2009

Recovering deleted NTFS-compressed files

By Joachim Metz
Hoffmann Investigations

1.0 Joachim Metz September 2, 2009 Initial version.


An important part of digital forensic investigation is the recovery of data, particulary files. The recovery of

Read more

Dissecting NTFS Hidden Streams

First published July 2006

by Chetan Gupta
NII Consulting, Mumbai

Cyber Forensics is all about finding data where it is not supposed to exist. It is about keeping the mind open, thinking like the evil attacker and following
Read more
Share to...